Thursday, September 19, 2013

ClamAV 0.98 has been released!

ClamAV 0.98 includes many new features, across many different components
of ClamAV. There are new scanning options, extensions to the libclamav API,
support for additional filetypes, and internal upgrades.

- Signature improvements: New signature targets have been added forPDF files, Flash files and Java class files. (NOTE: Java archive files(JAR) are not part of the Java target.) Hash signatures can now specifya '*' (wildcard) size if the size is unknown. Using wildcard sizerequires setting the minimum engine FLEVEL to avoid backwardscompatibility issues. For more details read the ClamAV Signaturesguide.

- Scanning enhancements: New filetypes can be unpacked and scanned,including ISO9660, Flash, and self-extracting 7z files. PDFhandling is now more robust and better handles encrypted PDF files.

- Authenticode: ClamAV is now aware of the certificate chains whenscanning signed PE files. When the database contains signatures fortrusted root certificate authorities, the engine can whitelistPE files with a valid signature. The same database file can alsoinclude known compromised certificates to be rejected! Thisfeature can also be disabled in clamd.conf (DisableCertCheck) orthe command-line (nocerts).

- New options: Several new options for clamscan and clamd have beenadded. For example, ClamAV can be set to print infected files anderror files, and suppress printing OK results. This can be helpfulwhen scanning large numbers of files. This new option is "-o" forclamscan and "LogClean" for clamd. Check clamd.conf or the clamscanhelp message for specific details.

- New callbacks added to the API: The libclamav API has additional hooksfor developers to use when wrapping ClamAV scanning. These functiontypes are prefixed with "clcb_" and allow developers to add logic atcertain steps of the scanning process without directly modifying thelibrary. For more details refer to the clamav.h file.

- More configurable limits: Several hardcoded values are now configurableparameters, providing more options for tuning the engine to match yourneeds. Check clamd.conf or the clamscan help message for specificdetails.

- Performance improvements: This release furthers the use of memory mapsduring scanning and unpacking, continuing the conversion started inprior releases. Complex math functions have been switched fromlibtommath to tomsfastmath functions. The A/C matcher code has alsobeen optimized to provide a speed boost.

- Support for on-access scanning using Clamuko/Dazuko has been replacedwith fanotify. Accordingly, clamd.conf settings related to on-accessscanning have had Clamuko removed from the name. Clamuko-specificconfiguration items have been marked deprecated and should no longerbe used.

There are also fixes for other minor issues and code quality changes. Please
see the ChangeLog file for details.